package com.drops.poc;

import cn.hutool.http.HttpResponse;
import com.drops.entity.ControllersFactory;
import com.drops.ui.MainController;
import com.drops.utils.HTTPUtils;
import com.drops.utils.ResponseUtil;
import com.drops.utils.URLUtil;
import com.drops.utils.Utils;

/**
 * @ClassName: JolokiaLogbackRCEPOC
 * @Description: TODO
 * @Author: Summer
 * @Date: 2021/7/29 14:51
 * @Version: v1.0.0
 * @Description:
 **/
public class JolokiaLogbackRCEPOC {


    private final MainController mainController;

    public JolokiaLogbackRCEPOC() {
        this.mainController = (MainController) ControllersFactory.controllers.get(MainController.class.getSimpleName());

    }

    public  boolean hasJolokiaLogbackRCE(String target){
        String regex = "jolokia-core";
        String context = HTTPUtils.getRequest(target).body();
//        this.mainController.logTextArea.appendText(Utils.log("正在验证是否存在依赖jolokia-core"));
        if (context.contains(regex)){
            this.mainController.logTextArea.appendText(Utils.log("存在依赖jolokia-core"));
            String url = URLUtil.getROOT(target) + "jolokia/list";
            String url2 = URLUtil.getROOT(target) + "actuator/jolokia/list";
            HttpResponse re = HTTPUtils.getRequest(url);
            if (ResponseUtil.getStats(re) == 200){
                String res = ResponseUtil.getBoby(re);
                if (res.contains("ch.qos.logback.classic.jmx.JMXConfigurator") || res.contains("reloadByURL")){
                    this.mainController.logTextArea.appendText(Utils.log("存在 ch.qos.logback.classic.jmx.JMXConfigurator 和 reloadByURL 关键词!"));
                    this.mainController.logTextArea.appendText(Utils.log("存在 jolokia logback JNDI RCE 漏洞"));
                    return true;
                }
            }else {
                String res = HTTPUtils.getRequest(url2).body();
                if (res.contains("ch.qos.logback.classic.jmx.JMXConfigurator") || res.contains("reloadByURL")){
                    this.mainController.logTextArea.appendText(Utils.log("存在 ch.qos.logback.classic.jmx.JMXConfigurator 和 reloadByURL 关键词!"));
                    this.mainController.logTextArea.appendText(Utils.log("存在 jolokia logback JNDI RCE 漏洞"));
                    return true;
                }
            }

        }
        return false;
    }

    public static void main(String[] args) {
        JolokiaRealmJNDIRCEPOC poc = new JolokiaRealmJNDIRCEPOC();
        poc.hasJolokiaRealmJNDIRCE("http://127.0.0.1:9095/env");
    }
}
